Web Dev Roadmap for Beginners (Free!): https://bit.ly/DaveGrayWebDevRoadmap

Node.js JWT Authentication is leveled up when you add refresh token rotation and reuse detection. We'll also be adding support for multiple logins / devices to an existing REST API in Node JS.

Subscribe https://bit.ly/3nGHmNn

Starter Source Code: https://github.com/gitdagray/mongo_async_crud

Completed Source Code: https://github.com/gitdagray/refresh_token_rotation

Node JS Full Course for building the REST API: https://youtu.be/f2EqECiTBL8

React Login Authentication Series: https://www.youtube.com/playlist?list=PL0Zuz27SZ-6PRCpm9clX0WiBEMB70FWwd

Course Updates https://courses.davegray.codes/

Node.js JWT Authentication, Refresh Token Rotation and Reuse Detection

(00:00) Intro
(00:12) Welcome
(00:40) Refresh Token Rotation Explained
(02:26) Multiple Device / Login Support
(04:03) Refresh Token Reuse Detection
(11:08) Refresh Controller
(16:50) Logout Controller
(17:46) Auth Controller
(21:09) Verify logout deletes refresh token
(22:31) Delete an old token at login
(24:46) Identify an expired refresh token
(27:09) Confirm refresh token reuse detection
(30:59) Check multi device / login support
(32:32) Last Minute Addition: An important scenario

Buy Me A Coffee: https://www.buymeacoffee.com/davegray

TLDR: Nothing in the browser is 100% completely secure. We just secure it as best we can.

Postman: https://www.postman.com/downloads/

Refresh Token Rotation and Reuse Detection References:
Refresh Token Rotation at Auth0: https://auth0.com/docs/secure/tokens/refresh-tokens/refresh-token-rotation
Refresh Token Rotation (LogRocket): https://blog.logrocket.com/persistent-login-in-react-using-refresh-token-rotation/
Is Refresh Token Rotation Really Enough?: https://stackoverflow.com/questions/64708231/refresh-token-rotation-is-it-really-enough

JWT References:
Intro to JSON Web Tokens: https://jwt.io/introduction
All You Need to Know About Storing JWT in the Frontend: https://dev.to/cotter/localstorage-vs-cookies-all-you-need-to-know-about-storing-jwt-tokens-securely-in-the-front-end-15id
NPM jsonwebtoken package: https://www.npmjs.com/package/jsonwebtoken
NPM cookie-parser package: https://www.npmjs.com/package/cookie-parser
Deleting Cookies: http://expressjs.com/en/api.html#res.clearCookie
Cross-Site Scripting (XSS): https://owasp.org/www-community/attacks/xss/
Cross-Site Request Forgery (CSRF): https://owasp.org/www-community/attacks/csrf
REST Security Cheat Sheet: https://cheatsheetseries.owasp.org/cheatsheets/REST_Security_Cheat_Sheet.html

Visual Studio Code: https://code.visualstudio.com/

Follow Me:
Github: https://github.com/gitdagray
Twitter: https://twitter.com/yesdavidgray
LinkedIn: https://www.linkedin.com/in/davidagray/
Blog: https://yesdavidgray.com
Reddit: https://www.reddit.com/user/DaveOnEleven

Was this Node.js JWT Auth tutorial about refresh token rotation and reuse detection helpful? If so, please share. Let me know your thoughts in the comments.

#refresh #token #rotation